BillH99999

False Positive?


I have used this utility for years.  Is this a false positive?  When I click on "I want to continue to the site anyway" it just opens another tab with this same block.

Thanks,

Bill


Looks fine on VirusTotal.  Whitelist entry added.

 


@gonzo

Thanks for the whitelist entry.  Why when I click on "I want to continue to the site anyway" does it just open another tab with this same block?  I thought this would allow me to continue on to the site.

Thanks.
Bill


If you get that "continue..." choice, that is part of the block page.  You should not even see that.  I verified it is still blocked, which means that the whitelist has not propagated out yet.  It usually takes as much as an hour, though it could be shorter.  Give it a few minutes (and maybe a few more).


I'm confused.  So I'm not supposed to see that option to continue to the blocked page?  So who should see that option?  If I want to ignore the block and go to the page, how do I do that if I shouldn't see this option?


Under normal circumstances, you would enter a webpage URL and go there.

If you hit a page blocked by Browser Guard, you would get our block page which contains a link that says "I want to continue to this site anyway" (right next to the GO BACK button).  Clicking that allows you to follow that link ONCE.  If you check the "Do not block..." checkbox before clicking the "continue" link, you would not be blocked in the future.  You likely did not check that checkbox.

Here, the link that gets blocked is an unusual one (www.s3.tgrmn.com).  You would not usually have a "www" preceding a subdomain name.  If you remove the "www", you will find that the remainder of that URL yields XML code that is an "access denied" message.  You wouldn't be able to travel that link anyway.

The whitelist has now propagated out, so the block has been removed.  You can see for yourself that it's essentially a dead end.  I do not know the cause.

2 minutes ago, gonzo said:

If you hit a page blocked by Browser Guard, you would get our block page which contains a link that says "I want to continue to this site anyway" (right next to the GO BACK button).  Clicking that allows you to follow that link ONCE. 

That is what confused me.  I clicked on it and it didn't allow me to follow the link once.  It just blocked me again.


Actually, it didn't block you AGAIN.  You asked to be permitted to go to www.s3.tgrmn.com, and it let you do that.  But because the website is configured strangely, you were sent to s3.tgrmn.com.  The first one is IP 99.84.231.152, and the second one is 99.84.231.188.  It is a uniquely different destination, and you were blocked at that destination as well.  Also, the whitelist entry had not propagated out by the time you tried.  You would get different results now, though they wouldn't be any more satisfying than the last time around.


OK... I think I understand now.  Thanks for being patient and explaining it to me!

Bill


You're welcome!


@gonzo

Now it looks like www.bulkrenameutility.co.uk is being blocked.  Why is this being blocked?  What is suspicious about the download?

Thanks,

Bill


This one is a bit weird. 

I go to www.bulkrenameutility.co.uk and I'm not blocked. 

I click on Free Download and it takes me to https://www.bulkrenameutility.co.uk/Download.php and I am not blocked.  

I click on Install Bulk Rename Utility and it says I am blocked.  The URL it gives as being blocked is www.bulkrenameutility.co.uk which is the one that wasn't blocked the first two times.

Kind of confusing.  Why is the last one being blocked?

Thanks
Bill


It is being blocked because the type of link is a common delivery method for malware.  I have added a whitelist entry for the site to see if this specific piece of the site is affected by whitelisting.

https://www.bulkrenameutility.co.uk/Downloads/BRU_setup.exe

Pages that are EXE download points will often come up as a block.  Give it an hour or so, and let us know if we have not cleared the problem.

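Added example (not part of the thread and not Browser Guard's code): a simplified model of the two behaviours explained above, the one-time "continue" exception that covers only the hostname clicked and not the redirect target, and the block on direct EXE download links that a whitelist entry lifts. The `Filter` class, the rule sets, the redirect map and the `http` scheme are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data for a simplified model, not Browser Guard's real rules.
BLOCKED_HOSTS = {"www.s3.tgrmn.com", "s3.tgrmn.com"}
RISKY_SUFFIXES = (".exe",)  # direct executable download points
REDIRECTS = {"http://www.s3.tgrmn.com/": "http://s3.tgrmn.com/"}  # assumed hop


class Filter:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)  # hosts cleared by an analyst
        self.allow_once = set()          # hosts the user clicked "continue" for

    def verdict(self, url):
        """Return (allowed, reason) for a single request."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host in self.whitelist:
            return True, "whitelisted"
        if host in self.allow_once:
            self.allow_once.discard(host)  # the exception is consumed: ONCE
            return True, "allowed once"
        if host in BLOCKED_HOSTS:
            return False, "blocked host"
        if parts.path.lower().endswith(RISKY_SUFFIXES):
            return False, "executable download"
        return True, "clean"

    def navigate(self, url, max_hops=5):
        """Follow the redirect chain, judging every hop separately."""
        trail = []
        for _ in range(max_hops):
            allowed, reason = self.verdict(url)
            trail.append((urlsplit(url).hostname, reason))
            if not allowed or url not in REDIRECTS:
                break
            url = REDIRECTS[url]
        return trail


if __name__ == "__main__":
    f = Filter()
    f.allow_once.add("www.s3.tgrmn.com")  # user clicks "continue" on the block page
    print(f.navigate("http://www.s3.tgrmn.com/"))
    print(f.verdict("https://www.bulkrenameutility.co.uk/Downloads/BRU_setup.exe"))
```

The trail reports the hostname of the hop that was stopped, which is why a path-based block on the installer link can still display the site's hostname on the block page.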

@gonzo

Just checked and I was able to download the file so the whitelist entry worked.

Thanks
Bill
